International email bomb hoax proves to be a spectacular failure

Recipients told there was a hidden bomb that would detonate unless a Bitcoin ransom was paid.
            

International email bomb hoax proves to be a spectacular failure

Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday.

Scores of colleges, businesses, hospitals and courthouses are believed to have received the emails which demands a Bitcoin payment be made by the end of the working day.

Bomb threat

There are minor differences in the emails (mostly words being swapped around), but here is a typical message:

There is the bomb (tronitrotoluene) in the building where your business is located. My recruited person constructed an explosive device under my direction. It has small dimensions and it is hidden very well, it is impossible to damage the supporting building structure by my bomb, but there will be many wounded people if it detonates.

My man is controlling the situation around the building. If any unnatural behavior, panic or emergency is noticed he will power the device.

I want to suggest you a deal. You send me $20’000 in Bitcoin and the bomb will not detonate, but do not try to fool me -I warrant you that I have to call off my man solely after 3 confirmations in blockchain network.

My payment details (Bitcoin address)- 149oyt2DL52Jgykhg5vh7Jm10pdpfuyVqd

You must pay me by the end of the workday. If the working day is over and people start leaving the building explosive will explode.

This is just a business, if I do not see the money and the bomb detonates, next time other commercial enterprises will send me a lot more, because this is not a single incident. I wont enter this email. I check my Bitcoin wallet every 40 min and after seeing the payment I will order my mercenary to leave your district. If an explosion occurred and the authorities see this letter:
we arent a terrorist society and do not assume responsibility for explosions in other places.

Police authorities have confirmed that they do not believe the threats to be genuine, but you can understand the anxiety that some schools and businesses will have experienced receiving an email like this.

It takes very little effort for some cockwomble to spam out a threat like this to a list of businesses and colleges, and the impact is even more considerable than the sextortion emails that so many of us have received in recent months, quoting old passwords and claiming to have captured video footage of us as we visited porn websites (spoiler: they don’t have any video footage of you).

Sextortion is unpleasant enough, but terrifying schools with bomb threats? The police aren’t going to turn a blind eye to that, and I expect the FBI to putting considerable effort into trying to track down who might be responsible.

I also can’t help but wonder if this latest spate of spammed-out bomb hoaxes is in any way connected to the sentencing last week of British teenager George Duke-Cohan, who targeted schools in the UK and United States earlier this year with a similar extortion.

Duke-Cohan has just been sent to prison for three years for his bomb threats. Let’s hope there’s a similar outcome for whoever is behind this latest wave of hoaxes.

In case you do receive a bomb threat email, here is the advice:

  • Do not respond or try to contact the sender.
  • Do not pay the ransom.
  • Report the email to the FBI’s Internet Crime Complaint Center or your local FBI field office.

The good news is, so far, it appears that none of the hoaxer’s intended victims has coughed up the $20,000 worth of Bitcoin. So, in that regard, the attack has been a spectacular failure.

If, however, the hoaxer was less interested in the money and keener on just causing disruption - well, I guess they have achieved their aim.

For more discussion on what George Duke-Cohan did, be sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #108: ‘Hoaxes, Huawei and chatbots - with Mikko Hyppönen’

Listen on Apple Podcasts | Google Podcasts | Other… | RSS for you nerds.

            

Tags: , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

2 Responses

  1. Matt Parkes

    December 19, 2018 at 10:45 am #

    My company here in the UK received this hoax, or at least one of our Sales Managers did, needless to say we identified this as a hoax, however the initial reasons for deciding this were not what I would have expected.

  2. coyote

    December 21, 2018 at 10:36 pm #

    I don’t know if this says anything about my age but when I saw the title the first thing I thought of was the old email bombs (though how flooding a mailbox with emails would end up being a hoax I can’t say but I’ve been extremely tired and finding it rather hard to read in my usual way ..or maybe it’s just remembering old times. Probably both) rather than physical bombs. How times have changed… Much like malware as you pointed out some years ago. Have a good holiday or holidays more like, Graham!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.